DRILL-6610: Add support for Minimum TLS restriction. #1388
} else { | ||
return boost::asio::ssl::context::tlsv12; | ||
} | ||
} | ||
|
||
/// @brief Applies Minimum TLS protocol restrictions. |
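Review bot: The final `else` shown here returns `boost::asio::ssl::context::tlsv12` for every input that did not match an earlier branch, so a misspelled or unsupported protocol string is accepted silently. Consider logging the unrecognized value, or returning an error from that branch, so a configuration typo is visible to the user instead of being mapped to a default.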
Please add a comment saying version tlsv11+ means TLS version 1.1 or higher.
Done.
return SSL_OP_NO_TLSv1; | ||
} else if (in_ver == "tlsv12+") { | ||
return (SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1); | ||
} |
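Review bot: The comparison `in_ver == "tlsv12+"` is an exact, case-sensitive match, so a value such as `TLSv12+` matches none of the branches shown here. Unless `in_ver` is normalized before this point, lowercase it first or compare case-insensitively, so that a capitalization difference in the configuration does not change which protocol versions are disabled.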
Looks like SSL_OP_NO_TLSv1 and others are getting deprecated with 1.1.0 openssl. Please see here.
I've added a note of that in the comments
return (SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1); | ||
} | ||
#endif | ||
return 0; |
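Review bot: The trailing `return 0;` after `#endif` is the result for any string that matches no branch, and for builds where the guarded block is compiled out, so in both cases no minimum TLS restriction is applied and the caller cannot tell. Consider distinguishing "no restriction requested" from "value not recognized", for example by logging the unknown value or failing connection setup, so the setting does not fail open.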
I think by default we can always return SSL_OP_NO_SSLv3 even though we are setting options to context for no_sslv2 | no_sslv3.
Thanks.
@superbstreak Could you please respond to review comments? In that case these changes can be included in the Apache Drill 1.15 release version.
cccc659 to 56fab19
Thanks for the changes. +1
No description provided.